Effective date: January 1, 2026
1.1. This Privacy Policy (the "Policy") explains how TravelContext Inc. doing business as Hosto.ai ("Hosto.ai", "we", "us", "our") collects, uses, shares, stores, and protects personal data in connection with our websites, applications, APIs, and software-as-a-service offerings (collectively, the "Service").
1.2. Controller. For website visits, marketing, account administration, and direct customer relationships, TravelContext Inc. is the data controller.
1.3. Processor. For Customer Content that customers upload or route through the Service (for example, listing data, guest messages, reservation details pulled from connected platforms), we process personal data as a processor on behalf of the customer under a Data Processing Addendum (DPA).
1.4. Entity and contact. TravelContext Inc., Miami Beach, Florida, United States. Contact: legal@hosto.ai.
1.5. Scope. This Policy applies to the Service and to communications you receive from us. It does not cover third-party platforms you connect to Hosto.ai (for example, Airbnb, Vrbo, Booking.com, payment gateways) or other third-party sites and services.
1.6. Effective date. January 1, 2026.
2.1. Data you provide directly
2.1.1. Account and profile data (name, business name, email, phone, country, time zone, role).
2.1.2. Billing data (billing contact, tax IDs, billing address; limited payment instrument information handled by our payment processor).
2.1.3. Customer Content you submit to or through the Service (for example, listings, photos, descriptions, rates and availability, reservations, guest messages, tags, notes, attachments).
2.1.4. Support and communications (tickets, chat, email, call recordings where permitted, feedback, survey responses).
2.1.5. Marketing preferences and consents.
2.2. Data from integrations you enable
2.2.1. Channel platforms you connect (for example, Airbnb, Vrbo, Booking.com, Expedia Group brands) including listing content, calendars, rates, availability, reservations, and messaging metadata and content.
2.2.2. Payment processors and financial apps you connect (for example, payments, payouts, reconciliation data).
2.2.3. Other apps you authorize (for example, email, calendar, identity providers, analytics).
2.2.4. We access, store, and process data from integrations only as configured or authorized by you, in order to provide the Service.
2.3. Data collected automatically
2.3.1. Usage, telemetry, and log data (actions taken in the product, timestamps, IP address, device and browser information, language, referring/exit pages, identifiers, feature flags, crash reports).
2.3.2. Cookies and similar technologies (pixels, SDKs, local storage) for authentication, security, preferences, analytics, and where permitted, advertising and measurement.
2.3.3. Approximate location derived from IP address for security and localization.
2.4. Data from third parties
2.4.1. Service providers and partners (for example, fraud prevention, enrichment, analytics).
2.4.2. Public sources (for example, corporate registries, publicly available listing information).
3.1. To provide, operate, and maintain the Service, including account creation, authentication, user management, workspaces, and feature delivery.
3.2. To connect and synchronize with platforms and services you authorize (for example, import listings, sync rates and availability, manage reservations, send and receive guest messages).
3.3. To provide support, resolve issues, and respond to inquiries.
3.4. To bill, process payments, prevent fraud, collect amounts due, and manage taxes.
3.5. To secure the Service, monitor, detect, and prevent security incidents and abuse, and enforce terms and policies.
3.6. To analyze performance and improve the Service, including quality assurance, research and development, testing, and training of product features.
3.7. To send administrative communications (for example, service announcements, transactional emails, renewal notices) and, where permitted, product updates and marketing communications.
3.8. To comply with law, legal process, and governmental requests, and to protect rights, safety, and property.
3.9. AI and recommendations. The Service may generate suggestions (for example, pricing guidance, message drafts). We may use de-identified or aggregated data to improve these features. We do not use your Customer Content to train publicly available models.
4.1. Contract performance (for example, delivering the Service you purchased, connecting integrations you configure).
4.2. Legitimate interests (for example, securing and improving the Service, preventing fraud and abuse, measuring engagement, contacting you about important service changes), balanced against your rights and expectations.
4.3. Consent (for example, optional cookies or marketing communications where consent is required).
4.4. Legal obligation (for example, tax and accounting records, responding to lawful requests).
4.5. Vital interests (rare; for example, addressing a safety threat).
5.1. Service providers (sub-processors) that host, support, or process data for us under contract, including cloud hosting, storage, analytics, logging, monitoring, email/SMS delivery, customer support tools, identity and access management, payments, and security.
5.2. Third-party platforms and integrations you authorize (for example, Airbnb, Vrbo, Booking.com). Data flows to those platforms occur under your direction, and their terms and privacy policies apply.
5.3. Professional advisors (for example, auditors, accountants, lawyers) under confidentiality obligations.
5.4. Business transfers (for example, merger, acquisition, financing, or sale of assets).
5.5. Legal and safety (for example, to comply with law or valid legal process, to enforce agreements, or to protect rights and safety).
5.6. Aggregated or de-identified data that does not identify you or your end users.
5.7. We do not sell personal information. Where "sharing" for cross-context behavioral advertising is regulated, we do not share personal information for that purpose without a lawful basis (for example, consent where required) and opt-out controls.
6.1. Storage and processing occur primarily in the United States.
6.2. When transferring personal data from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and UK addendum, as applicable), plus supplementary measures where appropriate.
6.3. You may request a copy of applicable transfer safeguards by contacting legal@hosto.ai.
7.1. We retain personal data for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce agreements.
7.2. Operational cadence aligned with the Terms of Service: a 30-day data export window after termination, deletion of active Customer Data initiated within 45 days thereafter, and backups/system logs that may persist for up to 90 days and are then purged in the ordinary course.
7.3. Specific records (for example, invoices, tax and accounting records, security logs) may be retained for longer periods where required by law or for legitimate business needs.
8.1. We implement administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit and at rest, access controls, least-privilege practices, vulnerability management, and monitoring.
8.2. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
8.3. If we become aware of a personal data breach affecting your Customer Data, we will notify you without undue delay and provide information reasonably required to help you meet your obligations.
9.1. Account settings allow you to update profile details, change notification preferences, and manage workspace members and roles.
9.2. Marketing emails include an unsubscribe link. You may also request changes by emailing legal@hosto.ai.
9.3. You may disconnect integrations you previously authorized. Disconnecting may affect functionality.
10.1. You have the right to request access to, rectification of, or erasure of your personal data; to restrict or object to processing; and to data portability.
10.2. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
10.3. Automated decision-making. We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you.
10.4. To exercise rights, contact legal@hosto.ai. We may need to verify your identity and will respond within one month (extendable where permitted).
10.5. You may lodge a complaint with your local supervisory authority.
11.1. Categories collected. Depending on your interactions with the Service, we may collect identifiers (name, email, IP address), commercial information (plan, transactions), internet/network activity (usage logs), geolocation (approximate), professional or employment information (business role), and in limited cases user-generated content. We do not intentionally collect sensitive personal information except where you provide it and only as necessary for the Service (for example, tax IDs for billing).
11.2. Sources. You, your organization, integrations you authorize, cookies/SDKs, and service providers.
11.3. Purposes. As described in Section 3.
11.4. Disclosures. We disclose personal information to service providers and to platforms/integrations you authorize, to professional advisors, in connection with business transfers, and for legal/safety.
11.5. Sale or sharing. We do not sell personal information. We do not share personal information for cross-context behavioral advertising without a lawful basis and opt-out controls.
11.6. Retention. See Section 7.
11.7. Rights. Depending on your state, you may have rights to access/know, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale, or certain profiling.
11.8. Submitting a request. Email legal@hosto.ai or use in-product controls where available. We will verify your request and respond within the timelines required by law. You may use an authorized agent subject to verification. Some states provide an appeal right; you may appeal a denial by replying to our response with "Appeal."
11.9. Non-discrimination. We will not discriminate against you for exercising your privacy rights.
12.1. The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact legal@hosto.ai to request deletion.
13.1. The Service may provide automated recommendations (for example, pricing guidance, message drafts). These features are tools for you to evaluate and use at your discretion and are not used to make decisions with legal or similarly significant effects about you without human involvement.
14.1. Methods. You may submit requests through in-product settings where available or by emailing legal@hosto.ai with "Privacy Request" in the subject line and identifying the right you wish to exercise.
14.2. Verification. We may request information to verify your identity or authority.
14.3. Timing. We respond within the timeframe required by applicable law.
14.4. Appeals. Where provided by law, you may appeal our decision by replying to our response with "Appeal."
15.1. The Service may include links to third-party sites and services. Their privacy practices are governed by their own policies.
15.2. When you connect a third-party platform to Hosto.ai, you direct data exchanges between that platform and Hosto.ai. You are responsible for complying with the third-party platform's terms and privacy policy.
16.1. We may update this Policy from time to time. If changes are material, we will provide reasonable notice (for example, via the Service or by email).
16.2. The updated Policy takes effect on the date posted unless otherwise stated.
17.1. When we act as processor, our Data Processing Addendum applies and is incorporated by reference. You may request a copy at legal@hosto.ai.
17.2. We maintain a list of sub-processors used to deliver the Service and will provide notice of material changes as required by the DPA. You may request the current list at legal@hosto.ai.
19.1. If we appoint an EU or UK representative under Article 27 GDPR, we will publish the representative's contact details and update this Policy.
19.2. EEA/UK/Swiss individuals may lodge complaints with their supervisory authority. Contact details are available from local data protection authorities.
20.1. "Customer Content" means any data, content, or materials that a customer or user submits to or through the Service, including data synchronized from third-party platforms.
20.2. "Personal data" or "personal information" means information relating to an identified or identifiable natural person, as defined by applicable law.
20.3. "Processing" means any operation performed on personal data, such as collection, storage, use, disclosure, and deletion.
20.4. "Service" means the Hosto.ai website, platform, APIs, and related services provided by TravelContext Inc.
21.1. Controller and primary contact: TravelContext Inc. (Hosto.ai), Miami Beach, Florida, United States.
21.2. Email: legal@hosto.ai.
21.3. We will respond to privacy inquiries and rights requests at this address.
Copyright © 2026 TravelContext Inc. All Rights Reserved.